CVE-2024-36006

mlxsw: spectrum_acl_tcam: Fix incorrect list API usage

Description

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists without checking that the lists are not empty. This is incorrect usage of the API, which leads to the following warning [1]. Fix by returning if the lists are empty as there is nothing to migrate in this case. [1] WARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0> Modules linked in: CPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0x2c0 [...] Call Trace: <TASK> mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK>

N/A
CVSS
Severity:
EPSS 0.20%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0b2c13b670b168e324e1cf109e67056a20fd610a
https://git.kernel.org/stable/c/09846c2309b150b8ce4e0ce96f058197598fc530
https://git.kernel.org/stable/c/64435b64e43d8ee60faa46c0cd04e323e8b2a7b0
https://git.kernel.org/stable/c/4526a56e02da3725db979358964df9cd9c567154
https://git.kernel.org/stable/c/ab4ecfb627338e440ae11def004c524a00d93e40
https://git.kernel.org/stable/c/af8b593c3dd9df82cb199be65863af004b09fd97
https://git.kernel.org/stable/c/b377add0f0117409c418ddd6504bd682ebe0bf79
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Frequently Asked Questions

What is the severity of CVE-2024-36006?
CVE-2024-36006 has not yet been assigned a CVSS score.
How to fix CVE-2024-36006?
To fix CVE-2024-36006, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-36006 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-36006 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-36006?
CVE-2024-36006 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.